PHP Remote File Inclusion Vulnerability in JD-Wiki Component for Joomla!
CVE-2006-4074

Currently unrated

Key Information:

Vendor: Joomla
Status: Jd-wiki
Vendor: CVE Published:; 11 August 2006

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2006-4074?

A PHP remote file inclusion vulnerability exists in the JD-Wiki Component (com_jd-wiki) versions 1.0.2 and earlier for Joomla!, specifically in the lib/tpl/default/main.php file. This vulnerability arises when the register_globals setting is enabled, allowing remote attackers to inject arbitrary PHP code through a manipulated URL in the mosConfig_absolute_path parameter. This can lead to unauthorized execution of code on the server, posing significant security risks to affected Joomla! installations.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2006-4074 - Proof of Concept

References

http://secunia.com/advisories/21389

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2006/3192

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/19373

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 11, 2006
👾
Exploit known to exist
Aug 11, 2006
Vulnerability published
Aug 11, 2006
Vulnerability Reserved
Aug 10, 2006

CVE-2006-4074 Data

JSON